While building some demos for Kafka Support in NiFi I noticed the Publish
Kafka Processor is eating errors related to Kerberos and never returning the
error to NiFi making it never stop. Not sure what my actual error is but I'm
assuming we would actually want to fail on this error instead of retrying
forever in the background. This is on the HDF 3.1.2 release of NiFi 1.5 so I'm
not sure if it's been fixed in later releases or not.
2018-09-25 07:56:02,473 INFO [kafka-producer-network-thread | producer-1]
o.a.k.common.network.SaslChannelBuilder Failed to create channel due to
org.apache.kafka.common.errors.SaslAuthenticationException: Failed to configure
SaslClientAuthenticator
Caused by: org.apache.kafka.common.errors.SaslAuthenticationException: Failed
to create SaslClient with mechanism GSSAPI
Caused by: javax.security.sasl.SaslException: Failure to initialize security
context
at
com.sun.security.sasl.gsskerb.GssKrb5Client.<init>(GssKrb5Client.java:149)
at
com.sun.security.sasl.gsskerb.FactoryImpl.createSaslClient(FactoryImpl.java:63)
at javax.security.sasl.Sasl.createSaslClient(Sasl.java:384)
at
org.apache.kafka.common.security.authenticator.SaslClientAuthenticator$1.run(SaslClientAuthenticator.java:152)
at
org.apache.kafka.common.security.authenticator.SaslClientAuthenticator$1.run(SaslClientAuthenticator.java:147)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at
org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.createSaslClient(SaslClientAuthenticator.java:147)
at
org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.<init>(SaslClientAuthenticator.java:139)
at
org.apache.kafka.common.network.SaslChannelBuilder.buildClientAuthenticator(SaslChannelBuilder.java:162)
at
org.apache.kafka.common.network.SaslChannelBuilder.buildChannel(SaslChannelBuilder.java:126)
at
org.apache.kafka.common.network.Selector.buildChannel(Selector.java:260)
at org.apache.kafka.common.network.Selector.connect(Selector.java:223)
at
org.apache.kafka.clients.NetworkClient.initiateConnect(NetworkClient.java:793)
at
org.apache.kafka.clients.NetworkClient.access$700(NetworkClient.java:62)
at
org.apache.kafka.clients.NetworkClient$DefaultMetadataUpdater.maybeUpdate(NetworkClient.java:944)
at
org.apache.kafka.clients.NetworkClient$DefaultMetadataUpdater.maybeUpdate(NetworkClient.java:848)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:458)
at
org.apache.kafka.clients.NetworkClientUtils.isReady(NetworkClientUtils.java:39)
at
org.apache.kafka.clients.NetworkClientUtils.awaitReady(NetworkClientUtils.java:62)
at
org.apache.kafka.clients.producer.internals.Sender.awaitLeastLoadedNodeReady(Sender.java:415)
at
org.apache.kafka.clients.producer.internals.Sender.maybeSendTransactionalRequest(Sender.java:347)
at
org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:214)
at
org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:163)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.ietf.jgss.GSSException: Invalid name provided (Mechanism level:
Illegal character in realm name; one of: '/', ':', '' (600))
at
sun.security.jgss.krb5.Krb5NameElement.getInstance(Krb5NameElement.java:129)
at
sun.security.jgss.krb5.Krb5MechFactory.getNameElement(Krb5MechFactory.java:95)
at
sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:203)
at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:477)
at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:201)
at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:170)
at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:138)
at
com.sun.security.sasl.gsskerb.GssKrb5Client.<init>(GssKrb5Client.java:107)
... 24 common frames omitted
Thanks
Shawn Weeks
